
@Jineeshak
Last active July 1, 2024 05:22

Revisions

  1. Jineeshak revised this gist Jul 1, 2024. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion SQLi SUS.bcheck
    @@ -6,7 +6,7 @@ metadata:
    tags: "SQLi"

    given request then
    if {latest.request.url} matches "\b(\?|&)(process|string|id|referer|password|pwd|field|view|sleep|column|log|token|sel|select|sort|from|search|update|pub_group_id|row|results|role|table|multi_layer_map_list|order|filter|user|fetch|limit|keyword|email|query|c|name|where|number|phone_number|delete|report)=\b" then
    if {latest.request.url} matches "\b(\?|&)(process|string|id|referer|password|pwd|field|view|column|log|sort|from|search|update|cat|row|results|role|table|id|order|filter|user|fetch|limit|keyword|email|query|c|name|where|number|phone_number|delete|report)=\b" then
    report issue:
    severity: info
    confidence: tentative
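Review bot: the replacement pattern lists `id` twice (once after `string` and again after `table`), so the second `id` alternative is dead and should be dropped. The same edit also removes `sleep`, `token`, `sel`, `select`, `pub_group_id` and `multi_layer_map_list` and adds `cat`, with no commit message explaining the rationale; a one-line note on why those names were pruned (false-positive rate, or names that were never parameters) would help anyone maintaining the list.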
  2. Jineeshak revised this gist Jun 29, 2024. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion SQLi SUS.bcheck
    @@ -6,7 +6,7 @@ metadata:
    tags: "SQLi"

    given request then
    if {latest.request} matches "\b(\?|&)(process|string|id|referer|password|pwd|field|view|sleep|column|log|token|sel|select|sort|from|search|update|pub_group_id|row|results|role|table|multi_layer_map_list|order|filter|user|fetch|limit|keyword|email|query|c|name|where|number|phone_number|delete|report)=\b" then
    if {latest.request.url} matches "\b(\?|&)(process|string|id|referer|password|pwd|field|view|sleep|column|log|token|sel|select|sort|from|search|update|pub_group_id|row|results|role|table|multi_layer_map_list|order|filter|user|fetch|limit|keyword|email|query|c|name|where|number|phone_number|delete|report)=\b" then
    report issue:
    severity: info
    confidence: tentative
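Review bot: switching the match target from `{latest.request}` to `{latest.request.url}` silently stops the check from flagging the same parameter names when they are sent in a request body rather than the query string. If that is intentional, the file's `description` ("Identify suspicious parameters that could be prone to SQL Injection.") should say query-string parameters; otherwise keep `{latest.request}` so form-encoded POST parameters are still covered.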
  3. Jineeshak created this gist Jun 29, 2024.
    15 changes: 15 additions & 0 deletions SQLi SUS.bcheck
    @@ -0,0 +1,15 @@
    metadata:
    language: v1-beta
    name: "SQLi SUS"
    description: "Identify suspicious parameters that could be prone to SQL Injection."
    author: "@Jineesh AK"
    tags: "SQLi"

    given request then
    if {latest.request} matches "\b(\?|&)(process|string|id|referer|password|pwd|field|view|sleep|column|log|token|sel|select|sort|from|search|update|pub_group_id|row|results|role|table|multi_layer_map_list|order|filter|user|fetch|limit|keyword|email|query|c|name|where|number|phone_number|delete|report)=\b" then
    report issue:
    severity: info
    confidence: tentative
    detail: "Suspicious parameter detected in request. This may be vulnerable to SQL Injection."
    remediation: "Validate and sanitize input for the detected parameter to prevent SQL Injection."
    end if
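Review bot: the trailing `=\b` in the regex requires a word character immediately after `=`, so a listed parameter with an empty value (`?id=`) or a value beginning with punctuation or a percent-encoded byte is never reported; ending the pattern at `=` is enough, since the interesting signal is the parameter name. The single-letter alternative `c` will also match any `c=` occurrence, and because `{latest.request}` covers headers and body as well as the URL this will be noisy. `severity: info` with `confidence: tentative` is the right level for a name-based heuristic, but the `detail` text should say that explicitly (for example "parameter name matches a list of names commonly passed to SQL queries") so the issue is not triaged as a confirmed finding.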